[208] in DeathTongue Changes
RE: Pismere
daemon@ATHENA.MIT.EDU (Alejandro R. Sedeno)
Sun Apr 22 13:06:49 2001
Date: Sun, 22 Apr 2001 13:06:47 -0400
Message-ID: <45E3831E8A549C45A8E9C40ADC729DEA0319A6@shadowrealm.hyrule.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
From: "Alejandro R. Sedeno" <asedeno@MIT.EDU>
content-class: urn:content-classes:message
To: "Richard Tibbetts" <tibbetts@mit.edu>
Cc: <licks@mit.edu>
Right now the machine will not blow away any settings in your locker,
expect if you have a .winprofile for some reason or another. Sipb0 could
be reinstated, though pismere may have some things running out of AFS
and as such users would need tickets/tokens.
Like I said, as of right now there is no Office installed.
I can probably shut down some of those open ports, which will benefit
security but limit remote access (they typically go hand in hand). For
right now I'm leaving some of them open in case I need to perform some
kind of update but I can't stop by, here's what's left open:
Port State Service
135/tcp open loc-srv =20
1068/tcp open instl_bootc =20
3389/tcp open msrdp =20
-Alejandro
-----Original Message-----
From: Richard Tibbetts [mailto:tibbetts@MIT.EDU]=20
Sent: Sunday, April 22, 2001 12:31 PM
To: Alejandro R. Sedeno
Cc: licks@MIT.EDU
Subject: Re: Pismere
On Sun, Apr 22, 2001 at 12:12:46PM -0400, Alejandro R. Sedeno wrote:
> You now log in with your Athena principle. Make your profile world=20
> readable to be able to log in and use it again. I hear this situation=20
> will change later. (profile will be in your Athena home directory:
> ~/.winprofile)
So, should we be encouraging users who want to (for example) print
something from Word to log in using their Athena username and password,
or is the machine too bleeding edge for that at this point?
We used to have a local login sipb0 with no password. Does that make
sense to continue, or should we attempt to secure a full blown athena
account (such as one of the sipbN accouts, or a new account) for this
purpose?
Also, the machine seems to be listening for more things than it probably
needs to (though I am certainly not a windows guru).
Specifically:
innocuous:~# nmap -O dt
Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
Interesting ports on DEATHTONGUE.MIT.EDU (18.187.1.72):
(The 1537 ports scanned but not shown below are in state: closed)
Port State Service
135/tcp open loc-srv =20
139/tcp open netbios-ssn =20
445/tcp open microsoft-ds =20
1068/tcp open instl_bootc =20
3389/tcp open msrdp =20
Remote OS guesses: Windows Me or Windows 2000 RC1 through final
release, Windows Millenium Edition v4.90.3000
It seems that unless we are deliberately doing file sharing, 135 and 139
are not neccessary. I don't know what the rest of this stuff is. I
certainly defer to you about what is required, I just want to make sure
we aren't running non-required services that could get us cracked.
Great work, looks good. I wonder if we will find outselves teaching
"Installing Pismere" come next IAP.
tibbetts
